* [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups
2016-03-29 8:35 [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups Matt Redfearn
@ 2016-03-29 8:35 ` Matt Redfearn
2016-03-29 8:35 ` [PATCH v2 4/6] seccomp: Get compat syscalls from asm-generic header Matt Redfearn
2016-03-30 5:06 ` [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups Kees Cook
2 siblings, 0 replies; 6+ messages in thread
From: Matt Redfearn @ 2016-03-29 8:35 UTC (permalink / raw)
To: IMG-MIPSLinuxKerneldevelopers
Cc: Matt Redfearn, linux-mips, Arnd Bergmann, Andy Lutomirski,
Kees Cook, linux-kernel, Shuah Khan, Eric B Munson, James Hogan,
Andrew Morton, linux-kselftest, linux-arch, Markos Chandras,
Amanieu d'Antras, Ralf Baechle, Alex Smith, Paul Burton,
Will Drewry
These patches improve seccomp support on MIPS.
Firstly support is added for building the seccomp_bpf self test for
MIPS. The initial results of these tests were:
32bit kernel O32 userspace before: 48 / 48 pass
64bit kernel O32 userspace before: 47 / 48 pass
Failures: TRAP.Handler
64bit kernel N32 userspace before: 44 / 48 pass
Failures: global.mode_strict_support, TRAP.handler,
TRACE_syscall.syscall_redirected, TRACE_syscall.syscall_dropped
64bit kernel N64 userspace before: 46 / 48 pass
Failures: TRACE_syscall.syscall_redirected,
TRACE_syscall.syscall_dropped
The subsequent patches fix issues that were causing the above tests to
fail. With these fixes, the results are:
32bit kernel O32 userspace after: 48 / 48
64bit kernel O32 userspace after: 48 / 48
64bit kernel N32 userspace after: 48 / 48
64bit kernel N64 userspace after: 48 / 48
Thanks,
Matt
Changes in v2:
- Tested on additional platforms
- Replace __NR_syscall which isn't defined for N32 / N64 ABIs
Matt Redfearn (6):
selftests/seccomp: add MIPS self-test support
MIPS: Support sending SIG_SYS to 32bit userspace from 64bit kernel
MIPS: scall: Handle seccomp filters which redirect syscalls
seccomp: Get compat syscalls from asm-generic header
MIPS: seccomp: Support compat with both O32 and N32
secomp: Constify mode1 syscall whitelist
arch/mips/include/asm/seccomp.h | 47 +++++++++++++++------------
arch/mips/kernel/scall32-o32.S | 11 +++----
arch/mips/kernel/scall64-64.S | 3 +-
arch/mips/kernel/scall64-n32.S | 14 +++++---
arch/mips/kernel/scall64-o32.S | 14 +++++---
arch/mips/kernel/signal32.c | 6 ++++
include/asm-generic/seccomp.h | 14 ++++++++
kernel/seccomp.c | 13 ++------
tools/testing/selftests/seccomp/seccomp_bpf.c | 30 +++++++++++++++--
9 files changed, 101 insertions(+), 51 deletions(-)
--
2.5.0
* [PATCH v2 4/6] seccomp: Get compat syscalls from asm-generic header
2016-03-29 8:35 [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups Matt Redfearn
2016-03-29 8:35 ` Matt Redfearn
@ 2016-03-29 8:35 ` Matt Redfearn
2016-03-29 8:35 ` Matt Redfearn
2016-03-30 5:06 ` [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups Kees Cook
2 siblings, 1 reply; 6+ messages in thread
From: Matt Redfearn @ 2016-03-29 8:35 UTC (permalink / raw)
To: IMG-MIPSLinuxKerneldevelopers
Cc: Matt Redfearn, linux-arch, Arnd Bergmann, Kees Cook,
linux-kernel, Andy Lutomirski, Will Drewry
Move retrieval of compat syscall numbers into inline function defined in
asm-generic header so that arches may override it.
Suggested-by: Paul Burton <paul.burton@imgtec.com>
Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
---
Changes in v2: None
include/asm-generic/seccomp.h | 14 ++++++++++++++
kernel/seccomp.c | 9 +--------
2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/include/asm-generic/seccomp.h b/include/asm-generic/seccomp.h
index c9ccafa0d99a..e74072d23e69 100644
--- a/include/asm-generic/seccomp.h
+++ b/include/asm-generic/seccomp.h
@@ -29,4 +29,18 @@
#define __NR_seccomp_sigreturn __NR_rt_sigreturn
#endif
+#ifdef CONFIG_COMPAT
+#ifndef get_compat_mode1_syscalls
+static inline const int *get_compat_mode1_syscalls(void)
+{
+ static const int mode1_syscalls_32[] = {
+ __NR_seccomp_read_32, __NR_seccomp_write_32,
+ __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,
+ 0, /* null terminated */
+ };
+ return mode1_syscalls_32;
+}
+#endif
+#endif /* CONFIG_COMPAT */
+
#endif /* _ASM_GENERIC_SECCOMP_H */
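Review bot: the `#ifndef get_compat_mode1_syscalls` guard around the new static inline has no comment explaining how an architecture is expected to override it. Because the generic version is a function and not a macro, an arch header that supplies its own version also has to `#define get_compat_mode1_syscalls get_compat_mode1_syscalls` before this header is included, otherwise the guard never fires. A short comment above the guard stating that convention, and that the returned array must keep the trailing 0 terminator shown here, would make the override contract explicit.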
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 15a1795bbba1..b0082c14764f 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -518,19 +518,12 @@ static int mode1_syscalls[] = {
0, /* null terminated */
};
-#ifdef CONFIG_COMPAT
-static int mode1_syscalls_32[] = {
- __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32,
- 0, /* null terminated */
-};
-#endif
-
static void __secure_computing_strict(int this_syscall)
{
int *syscall_whitelist = mode1_syscalls;
#ifdef CONFIG_COMPAT
if (is_compat_task())
- syscall_whitelist = mode1_syscalls_32;
+ syscall_whitelist = get_compat_mode1_syscalls();
#endif
do {
if (*syscall_whitelist == this_syscall)
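Review bot: in `__secure_computing_strict()` the local is still declared `int *syscall_whitelist`, while `get_compat_mode1_syscalls()` returns `const int *`, so the new assignment discards the const qualifier and the compiler will warn at this point in the series. Declaring the local as `const int *syscall_whitelist` in this patch, instead of relying on a later patch in the series to constify it, keeps every step warning-free for bisection.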
--
2.5.0
* Re: [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups
2016-03-29 8:35 [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups Matt Redfearn
2016-03-29 8:35 ` Matt Redfearn
2016-03-29 8:35 ` [PATCH v2 4/6] seccomp: Get compat syscalls from asm-generic header Matt Redfearn
@ 2016-03-30 5:06 ` Kees Cook
2016-03-31 8:57 ` Matt Redfearn
2 siblings, 1 reply; 6+ messages in thread
From: Kees Cook @ 2016-03-30 5:06 UTC (permalink / raw)
To: Matt Redfearn
Cc: IMG-MIPSLinuxKerneldevelopers, Linux MIPS Mailing List,
Arnd Bergmann, Andy Lutomirski, LKML, Shuah Khan, Eric B Munson,
James Hogan, Andrew Morton, linux-kselftest, linux-arch,
Markos Chandras, Amanieu d'Antras, Ralf Baechle, Alex Smith,
Paul Burton, Will Drewry
On Tue, Mar 29, 2016 at 1:35 AM, Matt Redfearn <matt.redfearn@imgtec.com> wrote:
> These patches improve seccomp support on MIPS.
>
> Firstly support is added for building the seccomp_bpf self test for
> MIPS. The initial results of these tests were:
>
> 32bit kernel O32 userspace before: 48 / 48 pass
> 64bit kernel O32 userspace before: 47 / 48 pass
> Failures: TRAP.Handler
> 64bit kernel N32 userspace before: 44 / 48 pass
> Failures: global.mode_strict_support, TRAP.handler,
> TRACE_syscall.syscall_redirected, TRACE_syscall.syscall_dropped
> 64bit kernel N64 userspace before: 46 / 48 pass
> Failures: TRACE_syscall.syscall_redirected,
> TRACE_syscall.syscall_dropped
>
> The subsequent patches fix issues that were causing the above tests to
> fail. With these fixes, the results are:
> 32bit kernel O32 userspace after: 48 / 48
> 64bit kernel O32 userspace after: 48 / 48
> 64bit kernel N32 userspace after: 48 / 48
> 64bit kernel N64 userspace after: 48 / 48
>
> Thanks,
> Matt
>
> Changes in v2:
> - Tested on additional platforms
> - Replace __NR_syscall which isn't defined for N32 / N64 ABIs
>
> Matt Redfearn (6):
> selftests/seccomp: add MIPS self-test support
> MIPS: Support sending SIG_SYS to 32bit userspace from 64bit kernel
> MIPS: scall: Handle seccomp filters which redirect syscalls
> seccomp: Get compat syscalls from asm-generic header
> MIPS: seccomp: Support compat with both O32 and N32
> secomp: Constify mode1 syscall whitelist
>
> arch/mips/include/asm/seccomp.h | 47 +++++++++++++++------------
> arch/mips/kernel/scall32-o32.S | 11 +++----
> arch/mips/kernel/scall64-64.S | 3 +-
> arch/mips/kernel/scall64-n32.S | 14 +++++---
> arch/mips/kernel/scall64-o32.S | 14 +++++---
> arch/mips/kernel/signal32.c | 6 ++++
> include/asm-generic/seccomp.h | 14 ++++++++
> kernel/seccomp.c | 13 ++------
> tools/testing/selftests/seccomp/seccomp_bpf.c | 30 +++++++++++++++--
> 9 files changed, 101 insertions(+), 51 deletions(-)
Thanks for digging into this! Consider all the seccomp pieces:
Acked-by: Kees Cook <keescook@chromium.org>
Probably best to carry it all in the MIPS tree, but if you want me to
take pieces of it into my seccomp tree, I can do that. Up to you. :)
-Kees
--
Kees Cook
Chrome OS & Brillo Security
* Re: [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups
2016-03-30 5:06 ` [PATCH v2 0/6] MIPS seccomp_bpf self test and fixups Kees Cook
@ 2016-03-31 8:57 ` Matt Redfearn
0 siblings, 0 replies; 6+ messages in thread
From: Matt Redfearn @ 2016-03-31 8:57 UTC (permalink / raw)
To: Kees Cook
Cc: Linux MIPS Mailing List, Arnd Bergmann, Andy Lutomirski, LKML,
Shuah Khan, Eric B Munson, James Hogan, Andrew Morton,
linux-kselftest, linux-arch, Markos Chandras,
Amanieu d'Antras, Ralf Baechle, Alex Smith, Paul Burton,
Will Drewry
On 30/03/16 06:06, Kees Cook wrote:
> On Tue, Mar 29, 2016 at 1:35 AM, Matt Redfearn <matt.redfearn@imgtec.com> wrote:
>> These patches improve seccomp support on MIPS.
>>
>> Firstly support is added for building the seccomp_bpf self test for
>> MIPS. The initial results of these tests were:
>>
>> 32bit kernel O32 userspace before: 48 / 48 pass
>> 64bit kernel O32 userspace before: 47 / 48 pass
>> Failures: TRAP.Handler
>> 64bit kernel N32 userspace before: 44 / 48 pass
>> Failures: global.mode_strict_support, TRAP.handler,
>> TRACE_syscall.syscall_redirected, TRACE_syscall.syscall_dropped
>> 64bit kernel N64 userspace before: 46 / 48 pass
>> Failures: TRACE_syscall.syscall_redirected,
>> TRACE_syscall.syscall_dropped
>>
>> The subsequent patches fix issues that were causing the above tests to
>> fail. With these fixes, the results are:
>> 32bit kernel O32 userspace after: 48 / 48
>> 64bit kernel O32 userspace after: 48 / 48
>> 64bit kernel N32 userspace after: 48 / 48
>> 64bit kernel N64 userspace after: 48 / 48
>>
>> Thanks,
>> Matt
>>
>> Changes in v2:
>> - Tested on additional platforms
>> - Replace __NR_syscall which isn't defined for N32 / N64 ABIs
>>
>> Matt Redfearn (6):
>> selftests/seccomp: add MIPS self-test support
>> MIPS: Support sending SIG_SYS to 32bit userspace from 64bit kernel
>> MIPS: scall: Handle seccomp filters which redirect syscalls
>> seccomp: Get compat syscalls from asm-generic header
>> MIPS: seccomp: Support compat with both O32 and N32
>> secomp: Constify mode1 syscall whitelist
>>
>> arch/mips/include/asm/seccomp.h | 47 +++++++++++++++------------
>> arch/mips/kernel/scall32-o32.S | 11 +++----
>> arch/mips/kernel/scall64-64.S | 3 +-
>> arch/mips/kernel/scall64-n32.S | 14 +++++---
>> arch/mips/kernel/scall64-o32.S | 14 +++++---
>> arch/mips/kernel/signal32.c | 6 ++++
>> include/asm-generic/seccomp.h | 14 ++++++++
>> kernel/seccomp.c | 13 ++------
>> tools/testing/selftests/seccomp/seccomp_bpf.c | 30 +++++++++++++++--
>> 9 files changed, 101 insertions(+), 51 deletions(-)
> Thanks for digging into this! Consider all the seccomp pieces:
>
> Acked-by: Kees Cook <keescook@chromium.org>
>
> Probably best to carry it all in the MIPS tree, but if you want me to
> take pieces of it into my seccomp tree, I can do that. Up to you. :)
>
> -Kees
>
Thanks Kees. Ralf is going to take it via the MIPS tree.
Matt